Debian Bug report logs - #309308
kernel-image-2.6.8-2-686-smp: null pointer oops on udp packets

Package: kernel-image-2.6.8-2-686-smp; Maintainer for kernel-image-2.6.8-2-686-smp is (unknown);

Reported by: Peter Sandstrom <peter.sandstrom@jajja.com>

Date: Mon, 16 May 2005 09:33:11 UTC

Severity: critical

Tags: moreinfo, sarge-ignore, security

Found in version 2.6.8-13

Fixed in version kernel-source-2.6.8/2.6.8-16sarge1

Done: Simon Horman <horms@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, peter.sandstrom@jajja.com, Debian kernel team <debian-kernel@lists.debian.org>:
Bug#309308; Package kernel-image-2.6.8-2-686-smp. Full text and rfc822 format available.

Acknowledgement sent to Peter Sandstrom <peter.sandstrom@jajja.com>:
New Bug report received and forwarded. Copy sent to peter.sandstrom@jajja.com, Debian kernel team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Peter Sandstrom <peter.sandstrom@jajja.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kernel-image-2.6.8-2-686-smp: null pointer oops on udp packets
Date: Mon, 16 May 2005 11:26:56 +0200
Package: kernel-image-2.6.8-2-686-smp
Version: 2.6.8-13
Severity: critical
Tags: security
Justification: breaks the whole system


kernel oops while trying to do a snmpwalk from a remote host. the entire
udp stack becomes unresponsive and reboot fails when trying to bring
down network interfaces. unsure if this is exploitable for a DoS attack,
will investigate further when i have time if this is not a known issue.

0000:01:01.0 Ethernet controller: Intel Corp. 82547GI Gigabit Ethernet
Controller
0000:03:02.0 Ethernet controller: Intel Corp. 82541GI/PI Gigabit
Ethernet Controller

vlan tagging is in use on the interface that receives the udp packet
that causes the oops.

Unable to handle kernel NULL pointer dereference at virtual address
00000000
 printing eip:
f89f64f2
*pde = 00000000
Oops: 0000 [#1]
PREEMPT SMP
Modules linked in: deflate zlib_deflate twofish serpent aes_i586
blowfish des sha256 sha1 crypto_null af_key tun ipv6 8021q dm_mod
capability commoncap e1000 genrtc ext3 jbd mbcache sd_mod ata_piix
libata scsi_mod unix font vesafb cfbcopyarea cfbimgblt cfbfillrect
CPU:    1
EIP:    0060:[<f89f64f2>]    Not tainted
EFLAGS: 00010a86   (2.6.8-2-686-smp)
EIP is at e1000_shift_out_mdi_bits+0x22/0xa0 [e1000]
eax: ffffffff   ebx: 80000000   ecx: 0000001f   edx: 00000000
esi: f77f3c10   edi: f74bbe6c   ebp: ffffffff   esp: f74bbe64
ds: 007b   es: 007b   ss: 0068
Process snmpd (pid: 793, threadinfo=f74ba000 task=f505b410)
Stack: c038b124 c01163e7 00000000 00001820 f77f3c10 f74bbee2 f74bbf30
f89f674b
       f77f3c10 ffffffff 00000020 f74bbecc f77f3a20 f74bbedc f89f3b3b
f77f3c10
       00000000 f74bbee2 f74bbecc f89f3950 f74bbedc f8880ab1 f77f3800
f74bbecc
Call Trace:
 [<c01163e7>] smp_apic_timer_interrupt+0xe7/0x160
 [<f89f674b>] e1000_read_phy_reg_ex+0xab/0xd0 [e1000]
 [<f89f3b3b>] e1000_mii_ioctl+0x1cb/0x1d0 [e1000]
 [<f89f3950>] e1000_ioctl+0x0/0x20 [e1000]
 [<f8880ab1>] vlan_dev_ioctl+0xc1/0x110 [8021q]
 [<c0236944>] dev_ifsioc+0x374/0x3e0
 [<c0236b46>] dev_ioctl+0x196/0x320
 [<c027f59c>] inet_ioctl+0x9c/0xb0
 [<c022b9d9>] sock_ioctl+0x139/0x300
 [<c0174d78>] sys_ioctl+0x148/0x2d0
 [<c01061fb>] syscall_call+0x7/0xb
Code: 8b 02 0d 00 00 00 03 89 44 24 08 85 db 74 56 eb 0d 90 90 90


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages kernel-image-2.6.8-2-686-smp depends on:
ii  coreutils [fileutils]         5.2.1-2    The GNU core utilities
ii  fileutils                     5.2.1-2    The GNU file management utilities 
ii  initrd-tools                  0.1.78     tools to create initrd image for p
ii  module-init-tools             3.2-pre1-2 tools for managing Linux kernel mo

-- no debconf information



Tags added: sarge-ignore Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian kernel team <debian-kernel@lists.debian.org>:
Bug#309308; Package kernel-image-2.6.8-2-686-smp. Full text and rfc822 format available.

Acknowledgement sent to maximilian attems <debian@sternwelten.at>:
Extra info received and forwarded to list. Copy sent to Debian kernel team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #12 received at 309308@bugs.debian.org (full text, mbox):

From: maximilian attems <debian@sternwelten.at>
To: Peter Sandstrom <peter.sandstrom@jajja.com>, 309308@bugs.debian.org
Subject: Re: Bug#309308: kernel-image-2.6.8-2-686-smp: null pointer oops on udp packets
Date: Wed, 18 May 2005 09:37:22 +0200
tags 309308 moreinfo
stop

On Mon, 16 May 2005, Peter Sandstrom wrote:

> Package: kernel-image-2.6.8-2-686-smp
> Version: 2.6.8-13
> Severity: critical
> Tags: security
> Justification: breaks the whole system
 
please send in dmesg after boot.
> 
> kernel oops while trying to do a snmpwalk from a remote host. the entire
> udp stack becomes unresponsive and reboot fails when trying to bring
> down network interfaces. unsure if this is exploitable for a DoS attack,
> will investigate further when i have time if this is not a known issue.

is it repeatable and how?
assume i never used that snmp beast.

can you try the 2.6.11 image from unstable, is it fixed there?
 
thanks for your feedback.

--
maks



Tags added: moreinfo Request was from maximilian attems <debian@sternwelten.at> to control@bugs.debian.org. Full text and rfc822 format available.

Acknowledgement sent to Paul TBBle Hampson <Paul.Hampson@anu.edu.au>:
Extra info received and forwarded to list. Copy sent to Debian kernel team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #19 received at 309308@bugs.debian.org (full text, mbox):

From: Paul TBBle Hampson <Paul.Hampson@anu.edu.au>
To: Debian Bug Tracking System <309308@bugs.debian.org>
Subject: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
Date: Thu, 11 Aug 2005 11:42:54 +1000
Package: kernel-image-2.6.8-2-686-smp
Followup-For: Bug #309308

Just noticed this bug in the testing-security list. I don't know if the
below patch has been slurped into the Debian patches for 2.6.8, but the
error posted looks like the same error I suffered when hitting this bug.

Patch from http://lists.osdl.org/pipermail/bridge/2004-September/000638.html

The patch was taken into 2.6.9-rc2, and the bug was in code introduced
very late in the 2.6.8 cycle. (August 2004 I believe)

diff -Nru a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
--- a/net/8021q/vlan_dev.c      2004-09-10 06:12:16 -07:00
+++ b/net/8021q/vlan_dev.c      2004-09-10 06:12:16 -07:00
@@ -772,7 +772,7 @@                                                                                                                                          
        case SIOCGMIIREG:
        case SIOCSMIIREG:
                if (real_dev->do_ioctl && netif_device_present(real_dev))
-                       err = real_dev->do_ioctl(dev, &ifrr, cmd);
+                       err = real_dev->do_ioctl(real_dev, &ifrr, cmd);
                break;

        case SIOCETHTOOL:
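
Review bot: The corrected call in the SIOCGMIIREG/SIOCSMIIREG branch is right, but the hunk does not show whether the neighbouring branches have the same mix-up. The guard tests real_dev->do_ioctl and netif_device_present(real_dev), so the handler has to be given real_dev as well; with dev it received the VLAN net_device instead of the one the lower driver owns, which fits the e1000_mii_ioctl frames directly above vlan_dev_ioctl in the reported trace. Please confirm that the case labels above the first context line and the SIOCETHTOOL branch that starts right after the break do not hand dev to a real_dev callback, and consider a one-line comment at the call saying that lower-device handlers always get real_dev.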

Cut and paste from the web archive, so spacing etc. may be boned.
But it's a typo-only fix anyway, so easy enough to recreate.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable'), (950, 'unstable'), (900, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)

-- 
Paul "TBBle" Hampson, Paul.Hampson@Anu.edu.au
8th year CompSci/Asian Studies student, ANU

Shorter .sig for a more eco-friendly paperless office.

Acknowledgement sent to Horms <horms@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian kernel team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #24 received at 309308@bugs.debian.org (full text, mbox):

From: Horms <horms@debian.org>
To: Paul TBBle Hampson <Paul.Hampson@anu.edu.au>, 309308@bugs.debian.org
Cc: secure-testing-team@lists.alioth.debian.org, control@bugs.debian.org
Subject: Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
Date: Thu, 11 Aug 2005 13:24:22 +0900
tags +pending 309308
tags +patch 309308
thanks

On Thu, Aug 11, 2005 at 11:42:54AM +1000, Paul TBBle Hampson wrote:
> Package: kernel-image-2.6.8-2-686-smp
> Followup-For: Bug #309308
> 
> Just noticed this bug in the testing-security list. I don't know if the
> below patch has been slurped into the Debian patches for 2.6.8, but the
> error posted looks like the same error I suffered when hitting this bug.
> 
> Patch from http://lists.osdl.org/pipermail/bridge/2004-September/000638.html
> 
> The patch was taken into 2.6.9-rc2, and the bug was in code introduced
> very late in the 2.6.8 cycle. (August 2004 I believe)
> 
> diff -Nru a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
> --- a/net/8021q/vlan_dev.c      2004-09-10 06:12:16 -07:00
> +++ b/net/8021q/vlan_dev.c      2004-09-10 06:12:16 -07:00
> @@ -772,7 +772,7 @@                                                                                                                                          
>         case SIOCGMIIREG:
>         case SIOCSMIIREG:
>                 if (real_dev->do_ioctl && netif_device_present(real_dev))
> -                       err = real_dev->do_ioctl(dev, &ifrr, cmd);
> +                       err = real_dev->do_ioctl(real_dev, &ifrr, cmd);
>                 break;
> 
>         case SIOCETHTOOL:
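
Review bot: The patch as quoted has no description, and the sender says it was pasted from a web archive with damaged spacing (the @@ line carries a long run of trailing blanks), so it may not apply as posted. Regenerate it from the upstream change at the URL given in the message rather than from this copy, and give the backport a header that names the symptom (NULL pointer oops in the lower driver's MII ioctl when it is reached through a VLAN interface) and this bug number, so the changelog entry can be traced back to the report.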
> 
> Cut and paste from the web archive, so spacing etc. may be boned.
> But it's a typo-only fix anyway, so easy enough to recreate.

Thanks I have added this to SVN. 

Is this considered a security bug and if so does it have a CAN number?

-- 
Horms



Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian kernel team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #29 received at 309308@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Horms <horms@debian.org>
Cc: Paul TBBle Hampson <Paul.Hampson@anu.edu.au>, 309308@bugs.debian.org, secure-testing-team@lists.alioth.debian.org
Subject: Re: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
Date: Thu, 11 Aug 2005 11:04:17 +0200
Horms wrote:
> > below patch has been slurped into the Debian patches for 2.6.8, but the
> > error posted looks like the same error I suffered when hitting this bug.
> > 
> > Patch from http://lists.osdl.org/pipermail/bridge/2004-September/000638.html
> > 
> > Cut and paste from the web archive, so spacing etc. may be boned.
> > But it's a typo-only fix anyway, so easy enough to recreate.
> 
> Thanks I have added this to SVN. 
> 
> Is this considered a security bug and if so does it have a CAN number?

There is no public CVE assignment for this issue. If it's easily reproducible
for non-root, it might account as a local DoS vulnerability.

Cheers,
        Moritz



Acknowledgement sent to Paul TBBle Hampson <Paul.Hampson@anu.edu.au>:
Extra info received and forwarded to list. Copy sent to Debian kernel team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #34 received at 309308@bugs.debian.org (full text, mbox):

From: Paul TBBle Hampson <Paul.Hampson@anu.edu.au>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: Horms <horms@debian.org>, 309308@bugs.debian.org, secure-testing-team@lists.alioth.debian.org
Subject: Re: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
Date: Thu, 11 Aug 2005 19:46:12 +1000
On Thu, Aug 11, 2005 at 11:04:17AM +0200, Moritz Muehlenhoff wrote:
> Horms wrote:
> >> below patch has been slurped into the Debian patches for 2.6.8, but the
> >> error posted looks like the same error I suffered when hitting this bug.
> >> 
> >> Patch from http://lists.osdl.org/pipermail/bridge/2004-September/000638.html
> >> 
> >> Cut and paste from the web archive, so spacing etc. may be boned.
> >> But it's a typo-only fix anyway, so easy enough to recreate.
>> 
>> Thanks I have added this to SVN. 
>> 
>> Is this considered a security bug and if so does it have a CAN number?

> There is no public CVE assignment for this issue. If it's easily reproducible
> for non-root, it might account as a local DoS vulnerability.

mii-tool's IOCTL is only allowed by root.

The remote DoS comes from the fact that snmpd will call this IOCTL when it
gets a request for the interface statistics.

So it's exploitable via SNMP if the exploiter has access to the SNMP tree
in question. (Which is not the default, if I recall correctly?)

However, this means that cricket will bone the machine during the boot process,
or soon after.

^_^

-- 
-----------------------------------------------------------
Paul "TBBle" Hampson, MCSE
8th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
Paul.Hampson@Anu.edu.au

"No survivors? Then where do the stories come from I wonder?"
-- Capt. Jack Sparrow, "Pirates of the Caribbean"

License: http://creativecommons.org/licenses/by/2.1/au/
-----------------------------------------------------------

Acknowledgement sent to Horms <horms@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian kernel team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #39 received at 309308@bugs.debian.org (full text, mbox):

From: Horms <horms@debian.org>
To: Paul TBBle Hampson <Paul.Hampson@anu.edu.au>
Cc: Moritz Muehlenhoff <jmm@inutil.org>, 309308@bugs.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org
Subject: Re: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
Date: Thu, 11 Aug 2005 18:57:55 +0900
On Thu, Aug 11, 2005 at 07:46:12PM +1000, Paul TBBle Hampson wrote:
> On Thu, Aug 11, 2005 at 11:04:17AM +0200, Moritz Muehlenhoff wrote:
> > Horms wrote:
> > >> below patch has been slurped into the Debian patches for 2.6.8, but the
> > >> error posted looks like the same error I suffered when hitting this bug.
> > >> 
> > >> Patch from http://lists.osdl.org/pipermail/bridge/2004-September/000638.html
> > >> 
> > >> Cut and paste from the web archive, so spacing etc. may be boned.
> > >> But it's a typo-only fix anyway, so easy enough to recreate.
> >> 
> >> Thanks I have added this to SVN. 
> >> 
> >> Is this considered a security bug and if so does it have a CAN number?
> 
> > There is no public CVE assignment for this issue. If it's easily reproducible
> > for non-root, it might account as a local DoS vulnerability.
> 
> mii-tool's IOCTL is only allowed by root.
> 
> The remote DoS comes from the fact that snmpd will call this IOCTL when it
> gets a request for the interface statistics.
> 
> So it's exploitable via SNMP if the exploiter has access to the SNMP tree
> in question. (Which is not the default, if I recall correctly?)
> 
> However, this means that cricket will bone the machine during the boot process,
> or soon after.

I think that's a strong enough reason to tag it as a security fix,
and thus include it in a kernel security update.

-- 
Horms



Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian kernel team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #44 received at 309308@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Horms <horms@debian.org>
Cc: Paul TBBle Hampson <Paul.Hampson@anu.edu.au>, 309308@bugs.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org
Subject: Re: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
Date: Fri, 12 Aug 2005 09:26:49 +0200
Horms wrote:
> > > There is no public CVE assignment for this issue. If it's easily reproducible
> > > for non-root, it might account as a local DoS vulnerability.
> > 
> > mii-tool's IOCTL is only allowed by root.
> > 
> > The remote DoS comes from the fact that snmpd will call this IOCTL when it
> > gets a request for the interface statistics.
> > 
> > So it's exploitable via SNMP if the exploiter has access to the SNMP tree
> > in question. (Which is not the default, if I recall correctly?)
> > 
> > However, this means that cricket will bone the machine during the boot process,
> > or soon after.
> 
> I think that's a strong enough reason to tag it as a security fix,
> and thus include it in a kernel security update.

Hi Horms,
this is now CAN-2005-2548. Can you please add it to the changelog?

Cheers,
        Moritz



Acknowledgement sent to Horms <horms@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian kernel team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #49 received at 309308@bugs.debian.org (full text, mbox):

From: Horms <horms@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: Paul TBBle Hampson <Paul.Hampson@anu.edu.au>, 309308@bugs.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org
Subject: Re: [Secure-testing-team] Re: Bug#309308: kernel-image-2.6.8-2-686-smp: VLAN Oops fix for 2.6.8
Date: Fri, 12 Aug 2005 16:40:29 +0900
On Fri, Aug 12, 2005 at 09:26:49AM +0200, Moritz Muehlenhoff wrote:
> Horms wrote:
> > > > There is no public CVE assignment for this issue. If it's easily reproducible
> > > > for non-root, it might account as a local DoS vulnerability.
> > > 
> > > mii-tool's IOCTL is only allowed by root.
> > > 
> > > The remote DoS comes from the fact that snmpd will call this IOCTL when it
> > > gets a request for the interface statistics.
> > > 
> > > So it's exploitable via SNMP if the exploiter has access to the SNMP tree
> > > in question. (Which is not the default, if I recall correctly?)
> > > 
> > > However, this means that cricket will bone the machine during the boot process,
> > > or soon after.
> > 
> > I think that's a strong enough reason to tag it as a security fix,
> > and thus include it in a kernel security update.
> 
> Hi Horms,
> this is now CAN-2005-2548. Can you please add it to the changelog?

Of course. It's in now.

-- 
Horms



Acknowledgement sent to Dmitriy Kropivnitskiy <dmitriyk@forsalebyowner.com>:
Extra info received and forwarded to list. Copy sent to Debian kernel team <debian-kernel@lists.debian.org>. Full text and rfc822 format available.

Message #54 received at 309308@bugs.debian.org (full text, mbox):

From: Dmitriy Kropivnitskiy <dmitriyk@forsalebyowner.com>
To: 309308@bugs.debian.org
Subject: Similar kernel oops without the snmpwalk
Date: Thu, 25 Aug 2005 16:21:32 -0400
I do not have any SNMP related software installed on my servers and the
servers are hidden behind a NATing load balancer (ServerIron) so, I am
reasonably sure that no such package could have been sent from outside.
Nevertheless I have just had a very similar crash resulting in server
going down. I am running sarge. Here is the relevant information,

Package: kernel-image-2.6.8-2-686-smp
Version: 2.6.8-16

Relevant excerpt from the logs:
Aug 23 17:12:00 server1 kernel: Unable to handle kernel NULL pointer
dereference at virtual address 00000064
Aug 23 17:12:00 server1 kernel: printing eip:
Aug 23 17:12:00 server1 kernel: c0198f96
Aug 23 17:12:00 server1 kernel: *pde = 00000000
Aug 23 17:12:00 server1 kernel: Oops: 0000 [#1]
Aug 23 17:12:00 server1 kernel: PREEMPT SMP
Aug 23 17:12:00 server1 kernel: Modules linked in: nfs lockd sunrpc ipv6
serverworks sworks_agp agpgart ohci_hcd usbcore tg3 firmware_class tsdev
mousedev evdev dm_mod capability commoncap psmouse ide_generic ide_disk
ide_cd ide_core cdrom genrtc ext3 jbd mbcache cciss scsi_mod unix font
vesafb cfbcopyarea cfbimgblt cfbfillrect
Aug 23 17:12:00 server1 kernel: CPU:    2
Aug 23 17:12:00 server1 kernel: EIP:    0060:[<c0198f96>]    Not tainted
Aug 23 17:12:00 server1 kernel: EFLAGS: 00010286   (2.6.8-2-686-smp)
Aug 23 17:12:00 server1 kernel: EIP is at proc_pid_stat+0x1c6/0x770
Aug 23 17:12:00 server1 kernel: eax: 00000000   ebx: f7ece500   ecx:
e585e000   edx: cb2bce00
Aug 23 17:12:00 server1 kernel: esi: ef224000   edi: c035fe20   ebp:
f78901b0   esp: ef225e20
Aug 23 17:12:00 server1 kernel: ds: 007b   es: 007b   ss: 0068
Aug 23 17:12:00 server1 kernel: Process monit (pid: 3297,
threadinfo=ef224000 task=f78f4030)
Aug 23 17:12:00 server1 kernel: Stack: f78901b0 ef225f2c ef225f24
f7890f6a 00000053 00005e97 00005e97 00005e3b
Aug 23 17:12:00 server1 kernel: 00000000 ffffffff 00000100 000003cb
00000000 00000000 ef224000 d2805c90
Aug 23 17:12:00 server1 kernel: f78901b0 d2805c80 c0196224 f78901b0
d2805c90 d11bd170 ef225f60 f7fbb480
Aug 23 17:12:00 server1 kernel: Call Trace:
Aug 23 17:12:00 server1 kernel: [<c0196224>] pid_revalidate+0x64/0xf0
Aug 23 17:12:00 server1 kernel: [<c0179f11>] dput+0x31/0x270
Aug 23 17:12:00 server1 kernel: [<c017006e>] link_path_walk+0xc2e/0x1020
Aug 23 17:12:00 server1 kernel: [<c016dbde>] pipe_wait+0x7e/0xa0
Aug 23 17:12:00 server1 kernel: [<c0142c06>] buffered_rmqueue+0x116/0x230
Aug 23 17:12:00 server1 kernel: [<c016dbde>] pipe_wait+0x7e/0xa0
Aug 23 17:12:00 server1 kernel: [<c019555a>] proc_info_read+0x4a/0x120
Aug 23 17:12:00 server1 kernel: [<c015fc1d>] vfs_read+0xed/0x160
Aug 23 17:12:00 server1 kernel: [<c015fef1>] sys_read+0x51/0x80
Aug 23 17:12:00 server1 kernel: [<c01061fb>] syscall_call+0x7/0xb
Aug 23 17:12:00 server1 kernel: Code: 8b 50 64 8b 70 68 8b 41 08 c1 e2
14 09 f2 01 c2 89 d0 c1 e8
Aug 23 17:12:00 server1 kernel: <6>note: monit[3297] exited with
preempt_count 1

Since monit (service monitor daemon) seems to be relevant in this case
here is my monit config file:

set daemon 30
set logfile syslog facility log_daemon
set mailserver <mailserver>
set mail-format { from: <email> }
set alert <email>

set httpd port 2812
allow <user:passwd>

# start monitor descriptions

check process apache with pidfile /var/run/apache.pid
        start program = "/etc/init.d/apache start"
        stop program  = "/etc/init.d/apache stop"

        if failed host marvin port 80 protocol http request /test.php
timeout 5 seconds then alert
        if failed host marvin port 443 type tcpssl protocol http request
/test.php timeout 5 seconds then alert
        if cpu is greater than 90% for 5 cycles then alert
        if children > 300 for 5 cycles then alert
        if loadavg(5min) greater than 10 for 8 cycles then alert
        if 3 restarts within 5 cycles then timeout
        mode passive
        group server

check process sshd with pidfile /var/run/sshd.pid
        start program  "/etc/init.d/ssh start"
        stop program  "/etc/init.d/ssh stop"
        if failed port 22 protocol ssh then alert
        if 5 restarts within 5 cycles then timeout
        group server

check device root with path /dev/cciss/c0d0p1
        if space usage > 90% then alert
        mode passive
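
Added example, not part of the original thread or of any Debian tooling: a triage script that parses 2.6-era i386 oops text and flags the call-chain shape from the first report, where the faulting driver function was entered through vlan_dev_ioctl. The function names and the labels "vlan-ioctl-passthrough" and "other" are assumptions made for this example; the sample log is excerpted from the two oopses quoted above.

```python
import re

# "symbol+0xoff/0xlen" with an optional trailing "[module]" on the same line.
SYM = r"(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:[ \t]+\[(\w+)\])?"
FRAME_RE = re.compile(r"\[<[0-9a-f]{8,16}>\][ \t]+" + SYM)
EIP_RE = re.compile(r"EIP is at " + SYM)
PROC_RE = re.compile(r"Process (\S+) \(pid: (\d+)")

# Excerpts of the two oopses in this bug log (raw console text, then syslog).
SAMPLE_LOG = """\
Unable to handle kernel NULL pointer dereference at virtual address
00000000
Oops: 0000 [#1]
EIP is at e1000_shift_out_mdi_bits+0x22/0xa0 [e1000]
Process snmpd (pid: 793, threadinfo=f74ba000 task=f505b410)
Call Trace:
 [<c01163e7>] smp_apic_timer_interrupt+0xe7/0x160
 [<f89f674b>] e1000_read_phy_reg_ex+0xab/0xd0 [e1000]
 [<f89f3b3b>] e1000_mii_ioctl+0x1cb/0x1d0 [e1000]
 [<f89f3950>] e1000_ioctl+0x0/0x20 [e1000]
 [<f8880ab1>] vlan_dev_ioctl+0xc1/0x110 [8021q]
 [<c0236944>] dev_ifsioc+0x374/0x3e0
 [<c0236b46>] dev_ioctl+0x196/0x320
Aug 23 17:12:00 server1 kernel: Unable to handle kernel NULL pointer
dereference at virtual address 00000064
Aug 23 17:12:00 server1 kernel: Oops: 0000 [#1]
Aug 23 17:12:00 server1 kernel: EIP is at proc_pid_stat+0x1c6/0x770
Aug 23 17:12:00 server1 kernel: Process monit (pid: 3297,
threadinfo=ef224000 task=f78f4030)
Aug 23 17:12:00 server1 kernel: Call Trace:
Aug 23 17:12:00 server1 kernel: [<c0196224>] pid_revalidate+0x64/0xf0
Aug 23 17:12:00 server1 kernel: [<c019555a>] proc_info_read+0x4a/0x120
Aug 23 17:12:00 server1 kernel: [<c015fc1d>] vfs_read+0xed/0x160
"""


def split_oopses(log_text):
    """Cut a log into one chunk per oops; syslog prefixes are tolerated."""
    chunks = re.split(r"(?=Unable to handle kernel)", log_text)
    return [c for c in chunks if "Oops:" in c]


def parse_oops(chunk):
    """Extract faulting symbol/module, process name and call-trace frames."""
    eip = EIP_RE.search(chunk)
    proc = PROC_RE.search(chunk)
    # Only text after "Call Trace:" is scanned for frames.
    trace = chunk.split("Call Trace:", 1)[1] if "Call Trace:" in chunk else ""
    return {
        "fault_symbol": eip.group(1) if eip else None,
        "fault_module": eip.group(2) if eip else None,
        "process": proc.group(1) if proc else None,
        # Innermost frame first, as the kernel prints them.
        "frames": [(m.group(1), m.group(2)) for m in FRAME_RE.finditer(trace)],
    }


def classify(oops):
    """Flag traces where a lower driver's handler was entered from vlan_dev_ioctl.

    Old i386 traces include stale stack words (the timer interrupt frame in
    the first report), so the check looks at the frame printed directly
    above vlan_dev_ioctl instead of trusting the first frame.
    """
    frames = oops["frames"]
    for i, (sym, mod) in enumerate(frames):
        if sym == "vlan_dev_ioctl" and mod == "8021q" and i > 0:
            callee_mod = frames[i - 1][1]
            if callee_mod and callee_mod != "8021q" \
                    and oops["fault_module"] == callee_mod:
                return "vlan-ioctl-passthrough"
    return "other"


def triage(log_text):
    """Return (process, faulting symbol, label) for every oops in the log."""
    out = []
    for chunk in split_oopses(log_text):
        oops = parse_oops(chunk)
        out.append((oops["process"], oops["fault_symbol"], classify(oops)))
    return out


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

The second oops faults in proc_pid_stat with no 8021q frame in its trace, so the script does not give it the same label as the first one.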





Reply sent to Simon Horman <horms@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Peter Sandstrom <peter.sandstrom@jajja.com>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #59 received at 309308-close@bugs.debian.org (full text, mbox):

From: Simon Horman <horms@debian.org>
To: 309308-close@bugs.debian.org
Subject: Bug#309308: fixed in kernel-source-2.6.8 2.6.8-16sarge1
Date: Wed, 14 Dec 2005 19:47:25 -0800
Source: kernel-source-2.6.8
Source-Version: 2.6.8-16sarge1

We believe that the bug you reported is fixed in the latest version of
kernel-source-2.6.8, which is due to be installed in the Debian FTP archive:

kernel-doc-2.6.8_2.6.8-16sarge1_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-16sarge1_all.deb
kernel-patch-debian-2.6.8_2.6.8-16sarge1_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-16sarge1_all.deb
kernel-source-2.6.8_2.6.8-16sarge1.diff.gz
  to pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge1.diff.gz
kernel-source-2.6.8_2.6.8-16sarge1.dsc
  to pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge1.dsc
kernel-source-2.6.8_2.6.8-16sarge1_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge1_all.deb
kernel-tree-2.6.8_2.6.8-16sarge1_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-16sarge1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 309308@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Horman <horms@debian.org> (supplier of updated kernel-source-2.6.8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 15 Aug 2005 18:51:34 +0900
Source: kernel-source-2.6.8
Binary: kernel-source-2.6.8 kernel-doc-2.6.8 kernel-tree-2.6.8 kernel-patch-debian-2.6.8
Architecture: source all
Version: 2.6.8-16sarge1
Distribution: stable-security
Urgency: high
Maintainer: Debian kernel team <debian-kernel@lists.debian.org>
Changed-By: Simon Horman <horms@debian.org>
Description: 
 kernel-doc-2.6.8 - Linux kernel specific documentation for version 2.6.8
 kernel-patch-debian-2.6.8 - Debian patches to Linux 2.6.8
 kernel-source-2.6.8 - Linux kernel source for version 2.6.8 with Debian patches
 kernel-tree-2.6.8 - Linux kernel source tree for building Debian kernel images
Closes: 309308 311357 317286 321401 322237 322339 323059
Changes: 
 kernel-source-2.6.8 (2.6.8-16sarge1) stable-security; urgency=high
 .
   [ Dann Frazier ]
   * mckinley_icache.dpatch:
     [Security] Fix a cache coherency bug unearthed by a new ia64 processor,
     codenamed Montecito.  This bug causes data corruption that has manifested
     itself in kernel hangs and userspace crashes, and causes d-i to fail.
     Reference: http://www.intel.com/cd/ids/developer/asmo-na/eng/215766.htm
     N.B: I have marked this as security as it seems that it would
     be trivial to construct a user-space DoS - Simon Horman.
 .
   [ Simon Horman ]
   # Excluded from security-only release
   # * drivers-net-via-rhine-wol-oops.dpatch (removed):
   #   This patch breaks the via-rhine driver and 2.6.8 and is
   #   completely bogus for this version of the kernel
   #   (closes: #311357)
 .
   * arch-x86_64-kernel-ptrace-boundary-check.dpatch
     [Security, x86_64] Don't allow accesses below register frame in ptrace
     See CAN-2005-1763.
 .
   * arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch
     [Security, x86_64] This works around an AMD Erratum by
     checking if the ptrace RIP is canonical.
     See CAN-2005-1762
 .
   * arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch
     [Security, x86_64] Fix canonical checking for segment registers in ptrace
     See CAN-2005-0756
 .
   * arch-x86_64-kernel-smp-boot-race.dpatch
     [Security, x86_64] Keep interrupts disabled during smp bootup
     This avoids a race that breaks SMP bootup on some machines.
 .
   * arch-x86_64-mm-ioremap-page-lookup.dpatch
     [Security, x86_64] Don't look up struct page pointer of physical address
     in iounmap as it may be in a memory hole not mapped in mem_map and that
     causes the hash lookup to go off to nirvana.
 .
   # Excluded from security-only release
   # * drivers-media-vidio-bttv-vc100xp-detect.dpatch
   #   Allow Leadtek WinFast VC100 XP cards to work.
 .
   * fs-exec-ptrace-core-exec-race.dpatch
     [Security] Fix race between core dumping and exec with shared mm
 .
   * fs-exec-ptrace-deadlock.dpatch
     [Security] Fix coredump_wait deadlock with ptracer & tracee on shared mm
 .
   * fs-exec-posix-timers-leak-1.dpatch,
     [Security] fs-exec-posix-timers-leak-2.dpatch
     Make exec clean up posix timers.
 .
   * fs-hfs-oops-and-leak.dpatch
     [Security] Fix a leak in HFS and HFS+
     Fix an oops that occurs when an attempt is made to
     mount a non-hfs filesystem as HFS+.
     N.B: Marked as security as users may have mount privileges.
 .
   # Excluded from security-only release
   # * fs-jbd-checkpoint-assertion.dpatch
   #   Fix possible false assertion failure in log_do_checkpoint(). We might fail
   #   to detect that we actually made a progress when cleaning up the checkpoint
   #   lists if we don't retry after writing something to disk.
 .
   * mm-mmap-range-test.dpatch
     [Security] Make sure get_unmapped_area sanity tests are done regardless of
     whether MAP_FIXED is set or not.
     See CAN-2005-1265
 .
   # Excluded from security-only release
   # * mm-rmap-out-of-bounds-pte.dpatch
   #   Stop try_to_unmap_cluster() passing out-of-bounds pte to pte_unmap()
 .
   * net-bridge-netfilter-etables-smp-race.dpatch
     [Security] The patch below fixes an smp race that happens on such
     systems under heavy load.
 .
   Excluded from security-only release
   * net-bridge-mangle-oops-1.dpatch, net-bridge-mangle-oops-2.dpatch
     Fix oops when mangling and brouting and tcpdumping packets
     Needed for net-bridge-forwarding-poison-1.dpatch
 .
   * net-bridge-forwarding-poison-2.dpatch,
     net-bridge-forwarding-poison-2.dpatch:
     [Security] Avoid poisoning of the bridge forwarding table by frames that
     have been dropped by filtering. This prevents spoofed source addresses on
     hostile side of bridge from causing packet leakage, a small but possible
     security risk.
 .
   # Excluded from security-only release
   # * net-ipv4-netfilter-ip_queue-deadlock.dpatch
   #   Fix deadlock with ip_queue and tcp local input path.
 .
   * [Security] net-rose-ndigis-verify.dpatch
     Verify ndigis argument of a new route.
 .
   * sound-usb-usbaudio-unplug-oops.dpatch
     [Security] Prevent oops & dead keyboard on usb unplugging while the device
     is being used.
 .
   * net-ipv4-ipvs-conn_tab-race.dpatch
     [Security] Fix race condition on ip_vs_conn_tab list modification
 .
   # Excluded from security-only release
   # * asm-i386-mem-clobber.dpatch:
   #   Make sure gcc doesn't reorder memory accesses in strncmp and friends on
   #   i386.
 .
   # Excluded from security-only release
   # * drivers-acpi-pci_irq-elcr.dpatch:
   #   Make sure we call acpi_register_gsi() even for default PCI interrupt
   #   assignment. That's the part that keeps track of the ELCR register, and we
   #   want to make sure that the PCI interrupts are properly marked level/low.
 .
   * asm-i386-mem-clobber.dpatch:
     Make sure netlink_autobind() propagates the error return from
     netlink_insert().  Otherwise, callers will not see the error as they
     should and thus try to operate on a socket with a zero pid, which is very
     bad.
 .
   * fs-ext3-64bit-offset.dpatch
     [Security] Incorrect offset checks for ext3 xattr on 64 bit architectures
     can lead to a local DoS.
     See CAN-2005-0757. (see: #311164).
 .
   * arch-x86_64-mm-mmap.dpatch
     [Security, x86_64] Compat mode program can hang kernel
     See CAN-2005-1765.
 .
   * arch-ia64-ptrace-getregs-putregs.dpatch
     [Security, ia64] Fix unchecked user-memory accesses in ptrace_getregs()
     and ptrace_setregs.
 .
   * arch-ia64-ptrace-restore_sigcontext.dpatch
     [Security, ia64] Fix to prevent users from using ptrace to set the pl field
     of the ar.rsc register to any value, leading to the
     ability to overwrite kernel memory.
     Note, this patch requires the arch-ia64-ptrace-getregs-putregs.dpatch
     patch to apply cleanly.
     See CAN-2005-1761.
 .
   # Excluded from security-only release
   # * Makefile-gcc-3.3.dpatch, control
   #   Build with gcc-3.3, as gcc-4.0, now the default in unstable,
   #   fails to build this source. As this tree is primarily
   #   intended for use with sarge, there seems little point
   #   in putting in gcc-4.0 fixes, but at the same time,
   #   there is some value in being able to use it with unstable.
   #   (Closes: #323059)
 .
   [ dann frazier ]
   * Merge in applicable fixes from 2.6.12.3
      - [Security] ppc32-time_offset-misuse.dpatch
      # Excluded from security-only release - v4l-cx88-hue-offset-fix.dpatch
      # Excluded from security-only release - tty_ldisc_ref-return-null-check.dpatch
 .
   * Merge in applicable fixes from 2.6.12.4
      - [Security] netfilter-NAT-memory-corruption.dpatch
      # Excluded from security-only release - netfilter-deadlock-ip6_queue.dpatch
      - [Security] ipsec-array-overflow.dpatch See CAN-2005-2456
        (See: #321401) (Closes: #321401)
      - [Security] netfilter-ip_conntrack_untracked-refcount.dpatch
      - [Security] sys_get_thread_area-leak.dpatch
      # Excluded from security-only release - rocket_c-fix-ldisc-ref-count.dpatch
      # Excluded from security-only release - early-vlan-fix.dpatch
 .
   [ Simon Horman ]
   * fs_ext2_ext3_xattr-sharing.dpatch
     [Security] Xattr sharing bug
     See http://lists.debian.org/debian-kernel/2005/08/msg00238.html
 .
   * vlan-mii-ioctl.dpatch
     [Security] MII ioctl pass through was passing the wrong device.
     See http://lists.osdl.org/pipermail/bridge/2004-September/000638.html
     See CAN-2005-2548 (Closes: #309308)
 .
   * fs-sysfs-read-write-race.dpatch
     [Security] Fix race in sysfs_read_file() and sysfs_write_file()
     that can lead to a user-space DoS.
     See CAN-2004-2302 (Closes: #322339)
 .
   * net-ipv4-netfilter-ip_recent-last_pkts.dpatch
     [Security] Fixes remote DoS when using ipt_recent on a 64 bit machine.
     (Closes: #322237)
 .
   # Excluded from security-only release
   # * drivers-sata-promise-sataii_tx2_tx4.dpatch
   #   Add SATAII TX2 and TX2/TX4 support to sata promise driver
   #   (Closes: #317286)
 .
   [ Frederik Schüler ]
   * arch-x86_64-mm-ioremap-page-lookup-fix.dpatch
     Add build fix for arch-x86_64-mm-ioremap-page-lookup.dpatch
 .
   [ Simon Horman ]
   * arch-x86_64-kernel-stack-faults.dpatch
     arch-x86_64-nmi.dpatch
     arch-x86_64-private-tss.dpatch
     [Security, x86_64] Disable exception stack for stack faults
     See CAN-2005-1767
 .
   * linux-zlib-fixes.dpatch
     [Security] Fix security bugs in the Linux zlib implementations.
     See CAN-2005-2458, CAN-2005-2459
     From 2.6.12.5
     http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
     http://bugs.gentoo.org/show_bug.cgi?id=94584
 .
   # Excluded from security-only release
   # * zisofs.dpatch
   #   Check input buffer size in zisofs
   #   From 2.6.12.5
 .
   # Excluded from security-only release
   # * module-per-cpu-alignment-fix.dpatch
   #   Module per-cpu alignment cannot always be met
   #  From 2.6.12.5
Files: 
 37a61dc966c032d1529e2c2a524c9cfa 1001 devel optional kernel-source-2.6.8_2.6.8-16sarge1.dsc
 cd72f4d2eb2309a2d77d2ec7a3471c7c 961237 devel optional kernel-source-2.6.8_2.6.8-16sarge1.diff.gz
 309f32838373e76c9b61be0e6c191252 1007230 devel optional kernel-patch-debian-2.6.8_2.6.8-16sarge1_all.deb
 65dca34768d7aa10074845d9b2f20431 34934446 devel optional kernel-source-2.6.8_2.6.8-16sarge1_all.deb
 5b04fd03ede3ae235a03624dc53e2026 32120 devel optional kernel-tree-2.6.8_2.6.8-16sarge1_all.deb
 b7388d2256a4396d2da938a687b3ab9b 6179472 doc optional kernel-doc-2.6.8_2.6.8-16sarge1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDoOUqA8ACPgVBDpcRAswmAKCuyLvQggukJ2gYUkzc/zwzx8/jLwCgnuwK
tCrTzKYPUDtdLwcJpcDYHjg=
=cfl6
-----END PGP SIGNATURE-----




Reply sent to Simon Horman <horms@debian.org>:
You have taken responsibility.

Notification sent to Peter Sandstrom <peter.sandstrom@jajja.com>:
Bug acknowledged by developer.

Message #64 received at 309308-close@bugs.debian.org:

From: Simon Horman <horms@debian.org>
To: 309308-close@bugs.debian.org
Subject: Bug#309308: fixed in kernel-source-2.6.8 2.6.8-16sarge1
Date: Fri, 16 Dec 2005 21:30:24 -0800
Source: kernel-source-2.6.8
Source-Version: 2.6.8-16sarge1

We believe that the bug you reported is fixed in the latest version of
kernel-source-2.6.8, which is due to be installed in the Debian FTP archive:

kernel-doc-2.6.8_2.6.8-16sarge1_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-16sarge1_all.deb
kernel-patch-debian-2.6.8_2.6.8-16sarge1_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-16sarge1_all.deb
kernel-source-2.6.8_2.6.8-16sarge1.diff.gz
  to pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge1.diff.gz
kernel-source-2.6.8_2.6.8-16sarge1.dsc
  to pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge1.dsc
kernel-source-2.6.8_2.6.8-16sarge1_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge1_all.deb
kernel-tree-2.6.8_2.6.8-16sarge1_all.deb
  to pool/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-16sarge1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 309308@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Horman <horms@debian.org> (supplier of updated kernel-source-2.6.8 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 15 Aug 2005 18:51:34 +0900
Source: kernel-source-2.6.8
Binary: kernel-source-2.6.8 kernel-doc-2.6.8 kernel-tree-2.6.8 kernel-patch-debian-2.6.8
Architecture: source all
Version: 2.6.8-16sarge1
Distribution: stable-security
Urgency: high
Maintainer: Debian kernel team <debian-kernel@lists.debian.org>
Changed-By: Simon Horman <horms@debian.org>
Description: 
 kernel-doc-2.6.8 - Linux kernel specific documentation for version 2.6.8
 kernel-patch-debian-2.6.8 - Debian patches to Linux 2.6.8
 kernel-source-2.6.8 - Linux kernel source for version 2.6.8 with Debian patches
 kernel-tree-2.6.8 - Linux kernel source tree for building Debian kernel images
Closes: 309308 311357 317286 321401 322237 322339 323059
Changes: 
 kernel-source-2.6.8 (2.6.8-16sarge1) stable-security; urgency=high
 .
   [ Dann Frazier ]
   * mckinley_icache.dpatch:
     [Security] Fix a cache coherency bug unearthed by a new ia64 processor,
     codenamed Montecito.  This bug causes data corruption that has manifested
     itself in kernel hangs and userspace crashes, and causes d-i to fail.
     Reference: http://www.intel.com/cd/ids/developer/asmo-na/eng/215766.htm
     N.B: I have marked this as security as it seems that it would
     be trivial to construct a user-space DoS - Simon Horman.
 .
   [ Simon Horman ]
   # Excluded from security-only release
   # * drivers-net-via-rhine-wol-oops.dpatch (removed):
   #   This patch breaks the via-rhine driver and 2.6.8 and is
   #   completely bogus for this version of the kernel
   #   (closes: #311357)
 .
   * arch-x86_64-kernel-ptrace-boundary-check.dpatch
     [Security, x86_64] Don't allow accesses below register frame in ptrace
     See CAN-2005-1763.
 .
   * arch-x86_64-kernel-ptrace-canonical-rip-1.dpatch
     [Security, x86_64] This works around an AMD Erratum by
     checking if the ptrace RIP is canonical.
     See CAN-2005-1762
 .
   * arch-x86_64-kernel-ptrace-canonical-rip-2.dpatch
     [Security, x86_64] Fix canonical checking for segment registers in ptrace
     See CAN-2005-0756
 .
   * arch-x86_64-kernel-smp-boot-race.dpatch
     [Security, x86_64] Keep interrupts disabled during smp bootup
     This avoids a race that breaks SMP bootup on some machines.
 .
   * arch-x86_64-mm-ioremap-page-lookup.dpatch
     [Security, x86_64] Don't look up struct page pointer of physical address
     in iounmap as it may be in a memory hole not mapped in mem_map and that
     causes the hash lookup to go off to nirvana.
 .
   # Excluded from security-only release
   # * drivers-media-vidio-bttv-vc100xp-detect.dpatch
   #   Allow Leadtek WinFast VC100 XP cards to work.
 .
   * fs-exec-ptrace-core-exec-race.dpatch
     [Security] Fix race between core dumping and exec with shared mm
 .
   * fs-exec-ptrace-deadlock.dpatch
     [Security] Fix coredump_wait deadlock with ptracer & tracee on shared mm
 .
   * fs-exec-posix-timers-leak-1.dpatch,
     [Security] fs-exec-posix-timers-leak-2.dpatch
     Make exec clean up posix timers.
 .
   * fs-hfs-oops-and-leak.dpatch
     [Security] Fix a leak in HFS and HFS+
     Fix an oops that occurs when an attempt is made to
     mount a non-hfs filesystem as HFS+.
     N.B: Marked as security as users may have mount privileges.
 .
   # Excluded from security-only release
   # * fs-jbd-checkpoint-assertion.dpatch
   #   Fix possible false assertion failure in log_do_checkpoint(). We might fail
   #   to detect that we actually made a progress when cleaning up the checkpoint
   #   lists if we don't retry after writing something to disk.
 .
   * mm-mmap-range-test.dpatch
     [Security] Make sure get_unmapped_area sanity tests are done regardless of
     whether MAP_FIXED is set or not.
     See CAN-2005-1265
 .
   # Excluded from security-only release
   # * mm-rmap-out-of-bounds-pte.dpatch
   #   Stop try_to_unmap_cluster() passing out-of-bounds pte to pte_unmap()
 .
   * net-bridge-netfilter-etables-smp-race.dpatch
     [Security] The patch below fixes an smp race that happens on such
     systems under heavy load.
 .
   Excluded from security-only release
   * net-bridge-mangle-oops-1.dpatch, net-bridge-mangle-oops-2.dpatch
     Fix oops when mangling and brouting and tcpdumping packets
     Needed for net-bridge-forwarding-poison-1.dpatch
 .
   * net-bridge-forwarding-poison-2.dpatch,
     net-bridge-forwarding-poison-2.dpatch:
     [Security] Avoid poisoning of the bridge forwarding table by frames that
     have been dropped by filtering. This prevents spoofed source addresses on
     hostile side of bridge from causing packet leakage, a small but possible
     security risk.
 .
   # Excluded from security-only release
   # * net-ipv4-netfilter-ip_queue-deadlock.dpatch
   #   Fix deadlock with ip_queue and tcp local input path.
 .
   * [Security] net-rose-ndigis-verify.dpatch
     Verify ndigis argument of a new route.
 .
   * sound-usb-usbaudio-unplug-oops.dpatch
     [Security] Prevent oops & dead keyboard on usb unplugging while the device
     is being used.
 .
   * net-ipv4-ipvs-conn_tab-race.dpatch
     [Security] Fix race condition on ip_vs_conn_tab list modification
 .
   # Excluded from security-only release
   # * asm-i386-mem-clobber.dpatch:
   #   Make sure gcc doesn't reorder memory accesses in strncmp and friends on
   #   i386.
 .
   # Excluded from security-only release
   # * drivers-acpi-pci_irq-elcr.dpatch:
   #   Make sure we call acpi_register_gsi() even for default PCI interrupt
   #   assignment. That's the part that keeps track of the ELCR register, and we
   #   want to make sure that the PCI interrupts are properly marked level/low.
 .
   * asm-i386-mem-clobber.dpatch:
     Make sure netlink_autobind() propagates the error return from
     netlink_insert().  Otherwise, callers will not see the error as they
     should and thus try to operate on a socket with a zero pid, which is very
     bad.
 .
   * fs-ext3-64bit-offset.dpatch
     [Security] Incorrect offset checks for ext3 xattr on 64 bit architectures
     can lead to a local DoS.
     See CAN-2005-0757. (see: #311164).
 .
   * arch-x86_64-mm-mmap.dpatch
     [Security, x86_64] Compat mode program can hang kernel
     See CAN-2005-1765.
 .
   * arch-ia64-ptrace-getregs-putregs.dpatch
     [Security, ia64] Fix unchecked user-memory accesses in ptrace_getregs()
     and ptrace_setregs.
 .
   * arch-ia64-ptrace-restore_sigcontext.dpatch
     [Security, ia64] Fix to prevent users from using ptrace to set the pl field
     of the ar.rsc register to any value, leading to the
     ability to overwrite kernel memory.
     Note, this patch requires the arch-ia64-ptrace-getregs-putregs.dpatch
     patch to apply cleanly.
     See CAN-2005-1761.
 .
   # Excluded from security-only release
   # * Makefile-gcc-3.3.dpatch, control
   #   Build with gcc-3.3, as gcc-4.0, now the default in unstable,
   #   fails to build this source. As this tree is primarily
   #   intended for use with sarge, there seems little point
   #   in putting in gcc-4.0 fixes, but at the same time,
   #   there is some value in being able to use it with unstable.
   #   (Closes: #323059)
 .
   [ dann frazier ]
   * Merge in applicable fixes from 2.6.12.3
      - [Security] ppc32-time_offset-misuse.dpatch
      # Excluded from security-only release - v4l-cx88-hue-offset-fix.dpatch
      # Excluded from security-only release - tty_ldisc_ref-return-null-check.dpatch
 .
   * Merge in applicable fixes from 2.6.12.4
      - [Security] netfilter-NAT-memory-corruption.dpatch
      # Excluded from security-only release - netfilter-deadlock-ip6_queue.dpatch
      - [Security] ipsec-array-overflow.dpatch See CAN-2005-2456
        (See: #321401) (Closes: #321401)
      - [Security] netfilter-ip_conntrack_untracked-refcount.dpatch
      - [Security] sys_get_thread_area-leak.dpatch
      # Excluded from security-only release - rocket_c-fix-ldisc-ref-count.dpatch
      # Excluded from security-only release - early-vlan-fix.dpatch
 .
   [ Simon Horman ]
   * fs_ext2_ext3_xattr-sharing.dpatch
     [Security] Xattr sharing bug
     See http://lists.debian.org/debian-kernel/2005/08/msg00238.html
 .
   * vlan-mii-ioctl.dpatch
     [Security] MII ioctl pass through was passing the wrong device.
     See http://lists.osdl.org/pipermail/bridge/2004-September/000638.html
     See CAN-2005-2548 (Closes: #309308)
 .
   * fs-sysfs-read-write-race.dpatch
     [Security] Fix race in sysfs_read_file() and sysfs_write_file()
     that can lead to a user-space DoS.
     See CAN-2004-2302 (Closes: #322339)
 .
   * net-ipv4-netfilter-ip_recent-last_pkts.dpatch
     [Security] Fixes remote DoS when using ipt_recent on a 64 bit machine.
     (Closes: #322237)
 .
   # Excluded from security-only release
   # * drivers-sata-promise-sataii_tx2_tx4.dpatch
   #   Add SATAII TX2 and TX2/TX4 support to sata promise driver
   #   (Closes: #317286)
 .
   [ Frederik Schüler ]
   * arch-x86_64-mm-ioremap-page-lookup-fix.dpatch
     Add build fix for arch-x86_64-mm-ioremap-page-lookup.dpatch
 .
   [ Simon Horman ]
   * arch-x86_64-kernel-stack-faults.dpatch
     arch-x86_64-nmi.dpatch
     arch-x86_64-private-tss.dpatch
     [Security, x86_64] Disable exception stack for stack faults
     See CAN-2005-1767
 .
   * linux-zlib-fixes.dpatch
     [Security] Fix security bugs in the Linux zlib implementations.
     See CAN-2005-2458, CAN-2005-2459
     From 2.6.12.5
     http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
     http://bugs.gentoo.org/show_bug.cgi?id=94584
 .
   # Excluded from security-only release
   # * zisofs.dpatch
   #   Check input buffer size in zisofs
   #   From 2.6.12.5
 .
   # Excluded from security-only release
   # * module-per-cpu-alignment-fix.dpatch
   #   Module per-cpu alignment cannot always be met
   #  From 2.6.12.5
Files: 
 37a61dc966c032d1529e2c2a524c9cfa 1001 devel optional kernel-source-2.6.8_2.6.8-16sarge1.dsc
 cd72f4d2eb2309a2d77d2ec7a3471c7c 961237 devel optional kernel-source-2.6.8_2.6.8-16sarge1.diff.gz
 309f32838373e76c9b61be0e6c191252 1007230 devel optional kernel-patch-debian-2.6.8_2.6.8-16sarge1_all.deb
 65dca34768d7aa10074845d9b2f20431 34934446 devel optional kernel-source-2.6.8_2.6.8-16sarge1_all.deb
 5b04fd03ede3ae235a03624dc53e2026 32120 devel optional kernel-tree-2.6.8_2.6.8-16sarge1_all.deb
 b7388d2256a4396d2da938a687b3ab9b 6179472 doc optional kernel-doc-2.6.8_2.6.8-16sarge1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDoOUqA8ACPgVBDpcRAswmAKCuyLvQggukJ2gYUkzc/zwzx8/jLwCgnuwK
tCrTzKYPUDtdLwcJpcDYHjg=
=cfl6
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 17 Jun 2007 12:32:23 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 01:42:55 2014; Machine Name: buxtehude.debian.org
